Pests of all kinds and how to fight them: White screen - Windows 7
03.06.2013, 17:42 | #1 |
| White screen

Hello, my colleague's laptop has been infected by a Bundestrojaner?! After the computer boots (Windows Vista), a white screen appears and nothing can be done.

Safe Mode --> restarts immediately once explorer has loaded
Safe Mode with Networking --> restarts immediately once explorer has loaded
Safe Mode with Command Prompt --> works

I have already had a look around the forum, and this seems to be a known problem here. I took the liberty of generating the OTL logfile already. Code:
OTL logfile created on: 6/3/2013 7:24:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Business Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.35 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/05/17 08:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/11/30 04:31:54 | 000,026,112 | ---- | M] () [Auto] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/01/20 22:25:31 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/11/30 04:31:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/08/04 08:49:56 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/10 07:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/11/05 17:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10200577301906479&ctid=CT3284351
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\meinLaptop_ON_C\..\URLSearchHook: {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FileConverter 1.3F4 Toolbar) - {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FileConverter 1.3F4 Toolbar) - {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O3 - HKU\meinLaptop_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\meinLaptop_ON_C\..\Toolbar\WebBrowser: (FileConverter 1.3F4 Toolbar) - {65CEE10F-B443-447B-BC49-588D94EC564A} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (C:\Users\meinLaptop\AppData\Roaming\skype.dat) - C:\Users\meinLaptop\AppData\Roaming\skype.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 14:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Collaboration
[2013/05/30 14:12:28 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/05/30 13:30:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013/05/30 12:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013/05/30 12:58:03 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013/05/30 12:58:03 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013/05/30 12:58:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013/05/30 12:58:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013/05/30 12:58:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013/05/30 12:57:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013/05/30 12:57:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013/05/30 12:57:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013/05/30 12:57:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013/05/30 12:57:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013/05/30 12:57:52 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013/05/30 12:57:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013/05/30 12:57:52 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013/05/30 12:57:52 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013/05/30 12:57:52 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013/05/30 12:52:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013/05/30 12:52:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/05/30 12:52:07 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/05/30 12:52:06 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/05/30 12:51:55 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013/05/30 12:51:55 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013/05/30 12:51:55 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013/05/30 12:51:54 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013/05/30 12:51:54 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013/05/30 12:51:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013/05/30 12:51:53 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013/05/30 12:51:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013/05/30 12:51:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013/05/30 12:51:44 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/05/30 12:51:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013/05/30 12:51:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013/05/30 12:42:29 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013/05/30 12:42:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013/05/30 12:42:04 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013/05/30 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\meinLaptop\AppData\Local\WindowsUpdate
[2013/05/30 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/05/30 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/05/30 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/05/30 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\meinLaptop\AppData\Roaming\Systweak
[2013/05/30 12:22:42 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/05/30 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/05/30 12:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2013/05/30 11:13:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2013/06/03 12:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 11:50:26 | 000,000,004 | ---- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
[2013/06/03 11:47:18 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 11:47:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 11:47:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 11:00:07 | 000,015,872 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/03 11:00:07 | 000,004,930 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/31 07:21:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/30 14:13:30 | 000,001,846 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2013/05/30 13:34:58 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/30 13:30:53 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/30 13:30:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 13:19:31 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/05/30 13:19:31 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/05/30 13:17:11 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/30 12:23:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/05/30 12:22:41 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/05/30 12:22:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/05/30 11:46:41 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/30 11:46:41 | 000,004,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/30 01:50:44 | 000,090,112 | R--- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.dat
[2013/05/29 13:03:38 | 000,011,776 | ---- | M] () -- C:\Users\meinLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/24 14:32:43 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/17 08:22:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 08:22:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/05/30 14:13:30 | 000,001,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2013/05/30 12:57:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013/05/30 12:57:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013/05/30 12:57:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013/05/30 12:23:45 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/05/30 12:22:51 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/05/30 12:22:49 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/05/30 12:22:41 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/05/30 12:09:26 | 000,000,004 | ---- | C] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
[2013/04/05 10:55:04 | 000,090,112 | R--- | C] () -- C:\Users\meinLaptop\AppData\Roaming\skype.dat
[2012/10/14 07:53:15 | 000,011,776 | ---- | C] () -- C:\Users\meinLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 15:05:06 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/05/23 15:05:06 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/05/23 15:05:06 | 000,015,872 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/05/23 15:05:06 | 000,004,930 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/05/23 06:55:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/05/23 05:44:36 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/05/23 05:36:07 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012/05/23 05:36:06 | 000,982,212 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/05/23 05:36:06 | 000,439,280 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/05/23 05:36:06 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/05/23 05:36:06 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/05/23 05:21:59 | 000,000,680 | ---- | C] () -- C:\Users\meinLaptop\AppData\Local\d3d9caps.dat
[2008/01/20 22:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008/01/20 22:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,004,502 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2004/09/22 15:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

========== LOP Check ==========

[2012/05/23 07:09:01 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Leadertech
[2013/04/21 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Spider Player
[2013/05/30 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Systweak
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2013/05/30 12:23:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Systweak
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 13:19:31 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2013/05/30 13:19:31 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2013/06/03 10:52:01 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Since I don't know exactly what I am supposed to do with the OTL code now, I'm asking for help. And one question up front... How can I insert the script that I will hopefully get here in Safe Mode with Command Prompt?
I'm now at my own computer and am doing everything here that I need for the laptop. Many thanks in advance for the quick help. Regards |
03.06.2013, 17:51 | #2 |
/// Malware-holic | White screen
Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and copy this in: Code:
:OTL
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (C:\Users\meinLaptop\AppData\Roaming\skype.dat) - C:\Users\meinLaptop\AppData\Roaming\skype.dat ()
[2013/06/03 11:50:26 | 000,000,004 | ---- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.

• Now please click the Fix button. A message similar to this one should appear: "load fix from file", so load fix.txt from your stick. If this doesn't work, please enter the fix manually, then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment! Please press the + E key.
__________________ |
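The entry the fix in post #2 targets is the per-user Winlogon Shell value that points at skype.dat. As an added example (not part of the thread and not OTL's own logic), the Python below runs that check over the O20 lines copied from the log in post #1; the function name, the reason strings and the list of user-writable path fragments are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# O20/O4 lines copied from the OTL log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (C:\Users\meinLaptop\AppData\Roaming\skype.dat) - C:\Users\meinLaptop\AppData\Roaming\skype.dat ()
"""

# Layout of an OTL "O20 ... Winlogon: Shell" line:
#   O20 - <hive> Winlogon: Shell - (<registry value>) - <resolved path> (<company>)
O20_SHELL = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>.*?)\) - "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Path fragments treated as user-writable (an assumption of this example).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class ShellFinding:
    hive: str
    path: str
    reasons: list


def suspicious_shells(log_text, system_root=r"C:\Windows"):
    """Return a ShellFinding for every Winlogon Shell entry that is not
    the stock explorer.exe in the Windows directory."""
    # ntpath handles Windows paths correctly on any analysis host.
    expected = ntpath.normcase(ntpath.join(system_root, "explorer.exe"))
    findings = []
    for line in log_text.splitlines():
        match = O20_SHELL.match(line.strip())
        if not match:
            continue  # not a Winlogon Shell line
        path = match.group("path")
        norm = ntpath.normcase(path)
        reasons = []
        if norm != expected:
            reasons.append("shell is not explorer.exe in the Windows directory")
        if any(fragment in norm for fragment in USER_WRITABLE):
            reasons.append("shell binary sits in a user-writable location")
        if not match.group("company").strip():
            reasons.append("file carries no company name")
        if reasons:
            findings.append(ShellFinding(match.group("hive"), path, reasons))
    return findings


if __name__ == "__main__":
    for finding in suspicious_shells(SAMPLE_LOG):
        print(finding.hive, "->", finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

Run against the sample, only the skype.dat entry under HKU\meinLaptop_ON_C is reported; both explorer.exe entries pass.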
03.06.2013, 18:34 | #3 |
| White screen Many thanks for the quick reply. I took your code and saved it as fix.txt on the USB stick. I then plugged it into the laptop and started the program. As you described, I answered the messages with "yes", although the first message doesn't appear for me. I'm only asked about the users, not about the registry. Once I had selected the .txt file, I could no longer click anything in the program... Tried 5 times, and 2 times after restarting the computer. Even when I insert your code manually, I can't press the "Fix button" a second time... Is that normal, i.e. does it fix automatically? I once waited 5 minutes and then closed it again when nothing happened. |
03.06.2013, 18:38 | #4 |
/// Malware-holic | White screen Open OTL, enter the code by hand, click Fix; does it work then?
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.06.2013, 18:47 | #5 |
| White screen Now something has happened. This is what came out of it: Code:
========== OTL ==========
Registry value HKEY_USERS\meinLaptop_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\meinLaptop\AppData\Roaming\skype.dat deleted successfully.
File C:\Users\meinLaptop\AppData\Roaming\skype.dat not found.
File C:\Users\meinLaptop\AppData\Roaming\skype.ini not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 06032013_224527 |
03.06.2013, 18:48 | #6 |
/// Malware-holic | White screen Please restart without the CD and then, if it runs, continue with the upload
__________________ |
03.06.2013, 18:54 | #7 |
| White screen Now it worked. I'll make myself some dinner first, then I'll carry on. Many, many thanks already! Then again, the next step wasn't time-consuming. I have uploaded the zip folder |
03.06.2013, 18:57 | #8 |
/// Malware-holic | White screen Enjoy your meal
__________________ |
03.06.2013, 18:57 | #9 |
| White screen File is uploaded |
03.06.2013, 18:59 | #10 |
/// Malware-holic | White screen thx. Please download TDSSKiller.exe and save this file on the desktop
__________________ |
03.06.2013, 20:09 | #11 |
| White screen Two detections came out of it: |
03.06.2013, 20:11 | #12 |
/// Malware-holic | White screen Please post the log
__________________ |
03.06.2013, 20:23 | #13 |
| White screen Sry Code:
C:\Windows\system32\Drivers\dfsc.sys 00:07:06.0828 3024 DfsC - ok 00:07:06.0968 3024 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 00:07:07.0140 3024 DFSR - ok 00:07:07.0202 3024 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 00:07:07.0249 3024 Dhcp - ok 00:07:07.0280 3024 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 00:07:07.0296 3024 disk - ok 00:07:07.0327 3024 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:07:07.0374 3024 Dnscache - ok 00:07:07.0405 3024 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 00:07:07.0436 3024 dot3svc - ok 00:07:07.0467 3024 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 00:07:07.0514 3024 DPS - ok 00:07:07.0577 3024 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:07:07.0608 3024 drmkaud - ok 00:07:07.0655 3024 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:07:07.0686 3024 DXGKrnl - ok 00:07:07.0733 3024 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 00:07:07.0779 3024 E1G60 - ok 00:07:07.0842 3024 [ 9475DC7971CFE8B0302D4126CF0653CD ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys 00:07:07.0889 3024 e1yexpress - ok 00:07:07.0904 3024 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 00:07:07.0935 3024 EapHost - ok 00:07:07.0967 3024 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 00:07:07.0982 3024 Ecache - ok 00:07:08.0029 3024 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 00:07:08.0045 3024 elxstor - ok 00:07:08.0091 3024 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 00:07:08.0138 3024 EMDMgmt - ok 00:07:08.0185 3024 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:07:08.0216 
3024 ErrDev - ok 00:07:08.0263 3024 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 00:07:08.0310 3024 EventSystem - ok 00:07:08.0341 3024 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 00:07:08.0372 3024 exfat - ok 00:07:08.0403 3024 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:07:08.0450 3024 fastfat - ok 00:07:08.0466 3024 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe 00:07:08.0513 3024 Fax - ok 00:07:08.0575 3024 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:07:08.0591 3024 fdc - ok 00:07:08.0622 3024 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 00:07:08.0669 3024 fdPHost - ok 00:07:08.0669 3024 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 00:07:08.0747 3024 FDResPub - ok 00:07:08.0762 3024 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:07:08.0778 3024 FileInfo - ok 00:07:08.0809 3024 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:07:08.0825 3024 Filetrace - ok 00:07:08.0840 3024 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:07:08.0856 3024 flpydisk - ok 00:07:08.0871 3024 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:07:08.0871 3024 FltMgr - ok 00:07:08.0949 3024 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 00:07:08.0949 3024 FontCache3.0.0.0 - ok 00:07:08.0981 3024 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:07:09.0012 3024 Fs_Rec - ok 00:07:09.0027 3024 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 00:07:09.0043 3024 gagp30kx - ok 00:07:09.0090 3024 [ D9F1113D9401185245573350712F92FC ] gpsvc 
C:\Windows\System32\gpsvc.dll 00:07:09.0137 3024 gpsvc - ok 00:07:09.0215 3024 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 00:07:09.0230 3024 gupdate - ok 00:07:09.0230 3024 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 00:07:09.0230 3024 gupdatem - ok 00:07:09.0324 3024 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:07:09.0371 3024 HdAudAddService - ok 00:07:09.0386 3024 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 00:07:09.0417 3024 HDAudBus - ok 00:07:09.0449 3024 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 00:07:09.0495 3024 HidBth - ok 00:07:09.0511 3024 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 00:07:09.0573 3024 HidIr - ok 00:07:09.0589 3024 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll 00:07:09.0651 3024 hidserv - ok 00:07:09.0683 3024 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:07:09.0714 3024 HidUsb - ok 00:07:09.0761 3024 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:07:09.0792 3024 hkmsvc - ok 00:07:09.0823 3024 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 00:07:09.0839 3024 HpCISSs - ok 00:07:09.0870 3024 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 00:07:09.0917 3024 HSFHWAZL - ok 00:07:09.0995 3024 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS 00:07:10.0073 3024 HSF_DPV - ok 00:07:10.0151 3024 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:07:10.0213 3024 HTTP - ok 00:07:10.0291 3024 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 00:07:10.0291 3024 i2omp - ok 00:07:10.0338 3024 [ 
22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 00:07:10.0369 3024 i8042prt - ok 00:07:10.0416 3024 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 00:07:10.0431 3024 iaStorV - ok 00:07:10.0494 3024 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:07:10.0541 3024 idsvc - ok 00:07:10.0681 3024 [ 9B1C286404283F71D14DD681408B9750 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 00:07:11.0024 3024 igfx - ok 00:07:11.0071 3024 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 00:07:11.0087 3024 iirsp - ok 00:07:11.0165 3024 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll 00:07:11.0211 3024 IKEEXT - ok 00:07:11.0258 3024 [ 264632ADE8127B7BAA2190CF6FAD435B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 00:07:11.0289 3024 IntcHdmiAddService - ok 00:07:11.0336 3024 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 00:07:11.0336 3024 intelide - ok 00:07:11.0414 3024 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:07:11.0445 3024 intelppm - ok 00:07:11.0477 3024 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:07:11.0508 3024 IPBusEnum - ok 00:07:11.0523 3024 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:07:11.0586 3024 IpFilterDriver - ok 00:07:11.0617 3024 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:07:11.0664 3024 iphlpsvc - ok 00:07:11.0679 3024 IpInIp - ok 00:07:11.0711 3024 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 00:07:11.0742 3024 IPMIDRV - ok 00:07:11.0742 3024 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 00:07:11.0789 3024 IPNAT - ok 00:07:11.0804 3024 [ 
109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:07:11.0835 3024 IRENUM - ok 00:07:11.0851 3024 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:07:11.0851 3024 isapnp - ok 00:07:11.0882 3024 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 00:07:11.0882 3024 iScsiPrt - ok 00:07:11.0913 3024 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 00:07:11.0913 3024 iteatapi - ok 00:07:11.0929 3024 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 00:07:11.0929 3024 iteraid - ok 00:07:11.0945 3024 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 00:07:11.0960 3024 kbdclass - ok 00:07:12.0023 3024 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 00:07:12.0054 3024 kbdhid - ok 00:07:12.0101 3024 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 00:07:12.0101 3024 KeyIso - ok 00:07:12.0116 3024 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:07:12.0194 3024 KSecDD - ok 00:07:12.0272 3024 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 00:07:12.0335 3024 KtmRm - ok 00:07:12.0397 3024 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll 00:07:12.0459 3024 LanmanServer - ok 00:07:12.0522 3024 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:07:12.0569 3024 LanmanWorkstation - ok 00:07:12.0584 3024 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:07:12.0631 3024 lltdio - ok 00:07:12.0678 3024 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:07:12.0740 3024 lltdsvc - ok 00:07:12.0756 3024 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:07:12.0834 3024 lmhosts - ok 00:07:12.0865 
3024 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 00:07:12.0881 3024 LSI_FC - ok 00:07:12.0896 3024 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 00:07:12.0912 3024 LSI_SAS - ok 00:07:12.0927 3024 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 00:07:12.0943 3024 LSI_SCSI - ok 00:07:12.0959 3024 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 00:07:12.0990 3024 luafv - ok 00:07:13.0021 3024 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 00:07:13.0037 3024 megasas - ok 00:07:13.0068 3024 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 00:07:13.0083 3024 MegaSR - ok 00:07:13.0130 3024 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 00:07:13.0161 3024 MMCSS - ok 00:07:13.0177 3024 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 00:07:13.0224 3024 Modem - ok 00:07:13.0271 3024 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:07:13.0317 3024 monitor - ok 00:07:13.0333 3024 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 00:07:13.0349 3024 mouclass - ok 00:07:13.0364 3024 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:07:13.0411 3024 mouhid - ok 00:07:13.0427 3024 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 00:07:13.0442 3024 MountMgr - ok 00:07:13.0458 3024 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 00:07:13.0473 3024 mpio - ok 00:07:13.0505 3024 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:07:13.0520 3024 mpsdrv - ok 00:07:13.0567 3024 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 00:07:13.0614 3024 MpsSvc - ok 00:07:13.0645 3024 [ 
4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 00:07:13.0645 3024 Mraid35x - ok 00:07:13.0676 3024 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:07:13.0723 3024 MRxDAV - ok 00:07:13.0754 3024 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:07:13.0770 3024 mrxsmb - ok 00:07:13.0801 3024 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:07:13.0817 3024 mrxsmb10 - ok 00:07:13.0832 3024 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:07:13.0863 3024 mrxsmb20 - ok 00:07:13.0895 3024 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 00:07:13.0910 3024 msahci - ok 00:07:13.0926 3024 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:07:13.0941 3024 msdsm - ok 00:07:13.0973 3024 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 00:07:14.0035 3024 MSDTC - ok 00:07:14.0051 3024 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:07:14.0097 3024 Msfs - ok 00:07:14.0129 3024 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:07:14.0129 3024 msisadrv - ok 00:07:14.0191 3024 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:07:14.0207 3024 MSiSCSI - ok 00:07:14.0222 3024 msiserver - ok 00:07:14.0285 3024 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:07:14.0316 3024 MSKSSRV - ok 00:07:14.0363 3024 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:07:14.0394 3024 MSPCLOCK - ok 00:07:14.0394 3024 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:07:14.0425 3024 MSPQM - ok 00:07:14.0456 3024 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:07:14.0472 3024 
MsRPC - ok 00:07:14.0487 3024 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 00:07:14.0487 3024 mssmbios - ok 00:07:14.0534 3024 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:07:14.0550 3024 MSTEE - ok 00:07:14.0581 3024 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 00:07:14.0597 3024 Mup - ok 00:07:14.0628 3024 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 00:07:14.0659 3024 napagent - ok 00:07:14.0706 3024 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:07:14.0737 3024 NativeWifiP - ok 00:07:14.0768 3024 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:07:14.0784 3024 NDIS - ok 00:07:14.0815 3024 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:07:14.0831 3024 NdisTapi - ok 00:07:14.0862 3024 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:07:14.0893 3024 Ndisuio - ok 00:07:14.0924 3024 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:07:14.0940 3024 NdisWan - ok 00:07:14.0971 3024 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:07:15.0002 3024 NDProxy - ok 00:07:15.0049 3024 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:07:15.0080 3024 NetBIOS - ok 00:07:15.0096 3024 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 00:07:15.0143 3024 netbt - ok 00:07:15.0158 3024 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 00:07:15.0174 3024 Netlogon - ok 00:07:15.0205 3024 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 00:07:15.0236 3024 Netman - ok 00:07:15.0267 3024 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 00:07:15.0299 3024 netprofm - 
ok 00:07:15.0345 3024 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:07:15.0361 3024 NetTcpPortSharing - ok 00:07:15.0408 3024 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 00:07:15.0423 3024 nfrd960 - ok 00:07:15.0470 3024 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:07:15.0517 3024 NlaSvc - ok 00:07:15.0533 3024 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:07:15.0548 3024 Npfs - ok 00:07:15.0564 3024 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 00:07:15.0611 3024 nsi - ok 00:07:15.0626 3024 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:07:15.0657 3024 nsiproxy - ok 00:07:15.0720 3024 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:07:15.0829 3024 Ntfs - ok 00:07:15.0876 3024 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 00:07:15.0938 3024 ntrigdigi - ok 00:07:16.0032 3024 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 00:07:16.0047 3024 Null - ok 00:07:16.0079 3024 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:07:16.0079 3024 nvraid - ok 00:07:16.0125 3024 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:07:16.0125 3024 nvstor - ok 00:07:16.0172 3024 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:07:16.0172 3024 nv_agp - ok 00:07:16.0172 3024 NwlnkFlt - ok 00:07:16.0188 3024 NwlnkFwd - ok 00:07:16.0219 3024 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 00:07:16.0250 3024 ohci1394 - ok 00:07:16.0297 3024 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 00:07:16.0344 3024 p2pimsvc - ok 00:07:16.0359 3024 
[ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 00:07:16.0375 3024 p2psvc - ok 00:07:16.0437 3024 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 00:07:16.0484 3024 Parport - ok 00:07:16.0500 3024 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:07:16.0515 3024 partmgr - ok 00:07:16.0531 3024 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 00:07:16.0609 3024 Parvdm - ok 00:07:16.0640 3024 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 00:07:16.0671 3024 PcaSvc - ok 00:07:16.0687 3024 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 00:07:16.0703 3024 pci - ok 00:07:16.0703 3024 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 00:07:16.0718 3024 pciide - ok 00:07:16.0749 3024 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:07:16.0765 3024 pcmcia - ok 00:07:16.0812 3024 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:07:16.0905 3024 PEAUTH - ok 00:07:16.0983 3024 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 00:07:17.0249 3024 pla - ok 00:07:17.0295 3024 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:07:17.0342 3024 PlugPlay - ok 00:07:17.0389 3024 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 00:07:17.0405 3024 PNRPAutoReg - ok 00:07:17.0420 3024 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 00:07:17.0451 3024 PNRPsvc - ok 00:07:17.0514 3024 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:07:17.0701 3024 PolicyAgent - ok 00:07:17.0748 3024 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:07:17.0779 3024 PptpMiniport - ok 00:07:17.0857 3024 [ 
2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 00:07:17.0888 3024 Processor - ok 00:07:17.0935 3024 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 00:07:17.0966 3024 ProfSvc - ok 00:07:17.0997 3024 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:07:17.0997 3024 ProtectedStorage - ok 00:07:18.0044 3024 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 00:07:18.0091 3024 PSched - ok 00:07:18.0138 3024 [ 30CBAE0A34359F1CD19D1576245149ED ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 00:07:18.0153 3024 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 00:07:18.0153 3024 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 00:07:18.0216 3024 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 00:07:18.0309 3024 ql2300 - ok 00:07:18.0372 3024 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 00:07:18.0387 3024 ql40xx - ok 00:07:18.0419 3024 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 00:07:18.0434 3024 QWAVE - ok 00:07:18.0450 3024 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:07:18.0481 3024 QWAVEdrv - ok 00:07:18.0528 3024 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:07:18.0575 3024 RasAcd - ok 00:07:18.0606 3024 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 00:07:18.0637 3024 RasAuto - ok 00:07:18.0668 3024 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:07:18.0699 3024 Rasl2tp - ok 00:07:18.0715 3024 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll 00:07:18.0762 3024 RasMan - ok 00:07:18.0793 3024 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:07:18.0824 3024 RasPppoe - ok 00:07:18.0840 3024 [ 
A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:07:18.0887 3024 RasSstp - ok 00:07:18.0918 3024 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:07:18.0933 3024 rdbss - ok 00:07:18.0949 3024 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:07:18.0980 3024 RDPCDD - ok 00:07:18.0996 3024 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys 00:07:19.0011 3024 rdpdr - ok 00:07:19.0027 3024 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:07:19.0043 3024 RDPENCDD - ok 00:07:19.0074 3024 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:07:19.0121 3024 RDPWD - ok 00:07:19.0199 3024 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:07:19.0245 3024 RemoteAccess - ok 00:07:19.0277 3024 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:07:19.0308 3024 RemoteRegistry - ok 00:07:19.0355 3024 [ EA885E7A56F1BE1F14C372337C42FE48 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 00:07:19.0370 3024 rimmptsk - ok 00:07:19.0386 3024 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 00:07:19.0433 3024 RpcLocator - ok 00:07:19.0448 3024 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 00:07:19.0479 3024 RpcSs - ok 00:07:19.0511 3024 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:07:19.0542 3024 rspndr - ok 00:07:19.0557 3024 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 00:07:19.0573 3024 SamSs - ok 00:07:19.0589 3024 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:07:19.0604 3024 sbp2port - ok 00:07:19.0635 3024 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:07:19.0667 3024 SCardSvr - ok 00:07:19.0698 3024 [ 
7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 00:07:19.0745 3024 Schedule - ok 00:07:19.0807 3024 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 00:07:19.0823 3024 SCPolicySvc - ok 00:07:19.0869 3024 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 00:07:19.0916 3024 sdbus - ok 00:07:19.0947 3024 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:07:19.0979 3024 SDRSVC - ok 00:07:19.0979 3024 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:07:20.0025 3024 secdrv - ok 00:07:20.0025 3024 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 00:07:20.0041 3024 seclogon - ok 00:07:20.0057 3024 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 00:07:20.0088 3024 SENS - ok 00:07:20.0150 3024 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:07:20.0197 3024 Serenum - ok 00:07:20.0228 3024 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:07:20.0259 3024 Serial - ok 00:07:20.0275 3024 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 00:07:20.0306 3024 sermouse - ok 00:07:20.0337 3024 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 00:07:20.0384 3024 SessionEnv - ok 00:07:20.0384 3024 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:07:20.0415 3024 sffdisk - ok 00:07:20.0415 3024 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:07:20.0447 3024 sffp_mmc - ok 00:07:20.0462 3024 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:07:20.0478 3024 sffp_sd - ok 00:07:20.0493 3024 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 00:07:20.0556 3024 sfloppy - ok 00:07:20.0587 3024 [ 
===============================
00:07:27.0669 3024 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:07:27.0701 3024 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
00:07:27.0732 3024 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
00:07:27.0763 3024 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
00:07:27.0779 3024 [Global] - ok
00:07:27.0779 3024 ================ Scan MBR ==================================
00:07:27.0794 3024 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:07:28.0605 3024 \Device\Harddisk0\DR0 - ok
00:07:28.0605 3024 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
00:07:28.0777 3024 \Device\Harddisk1\DR2 - ok
00:07:28.0777 3024 ================ Scan VBR ==================================
00:07:28.0777 3024 [ A906A60227BF8E09BC9DEAA28D98C26B ] \Device\Harddisk0\DR0\Partition1
00:07:28.0777 3024 \Device\Harddisk0\DR0\Partition1 - ok
00:07:28.0793 3024 [ 65A1376B6786BCD93629B6FFC4049190 ] \Device\Harddisk1\DR2\Partition1
00:07:28.0793 3024 \Device\Harddisk1\DR2\Partition1 - ok
00:07:28.0793 3024 ============================================================
00:07:28.0793 3024 Scan finished
00:07:28.0793 3024 ============================================================
00:07:28.0793 2864 Detected object count: 2
00:07:28.0793 2864 Actual detected object count: 2
00:21:35.0237 2864 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:21:35.0237 2864 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:21:35.0237 2864 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:21:35.0237 2864 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
That worked wonderfully on my PC. It found everything |
03.06.2013, 20:25 | #14 |
/// Malware-holic | White screen Looks fine. Scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.06.2013, 20:38 | #15 |
| White screen Is this the right one? Code:
ComboFix 13-06-03.06 - meinLaptop 04.06.2013 0:31.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.49.1031.18.3023.1794 [GMT 2:00]
ausgeführt von:: c:\users\meinLaptop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-03 bis 2013-06-03 ))))))))))))))))))))))))))))))
.
.
2013-06-04 02:44 . 2013-06-03 20:55 -------- d-----w- C:\_OTL
2013-06-03 22:35 . 2013-06-03 22:35 -------- d-----w- c:\users\meinLaptop\AppData\Local\temp
2013-06-03 22:35 . 2013-06-03 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-02 07:08 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65B99311-8B54-48BB-97C3-85FA8F0D4FE9}\mpengine.dll
2013-05-30 18:12 . 2013-05-30 18:12 -------- d-----w- c:\program files\Windows Collaboration
2013-05-30 18:12 . 2013-05-30 18:12 -------- d-----w- C:\inetpub
2013-05-30 16:58 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2013-05-30 16:58 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2013-05-30 16:58 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2013-05-30 16:58 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2013-05-30 16:58 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2013-05-30 16:58 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2013-05-30 16:52 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2013-05-30 16:52 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
2013-05-30 16:52 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-05-30 16:52 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-05-30 16:52 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-30 16:51 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2013-05-30 16:51 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2013-05-30 16:51 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2013-05-30 16:51 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2013-05-30 16:51 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2013-05-30 16:51 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2013-05-30 16:51 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2013-05-30 16:51 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2013-05-30 16:51 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2013-05-30 16:51 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-05-30 16:51 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2013-05-30 16:51 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-05-30 16:42 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2013-05-30 16:42 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2013-05-30 16:42 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2013-05-30 16:42 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2013-05-30 16:42 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2013-05-30 16:34 . 2013-05-30 16:34 -------- d-----w- c:\users\meinLaptop\AppData\Local\WindowsUpdate
2013-05-30 16:23 . 2013-05-30 16:23 -------- d-----w- c:\programdata\Systweak
2013-05-30 16:23 . 2013-05-30 16:23 -------- d-----w- c:\program files\Advanced System Protector
2013-05-30 16:23 . 2012-07-25 10:03 17136 ----a-w- c:\windows\system32\sasnative32.exe
2013-05-30 16:22 . 2013-05-30 16:23 -------- d-----w- c:\users\meinLaptop\AppData\Roaming\Systweak
2013-05-30 16:22 . 2013-05-30 16:22 -------- d-----w- c:\program files\RegClean Pro
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 12:22 . 2013-02-08 17:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-17 12:22 . 2013-02-08 17:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2013-02-08 17:51 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-10 19:25 . 2012-05-23 11:09 89680 ----a-w- c:\users\meinLaptop\MSSSerif120.fon
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{65cee10f-b443-447b-bc49-588d94ec564a}"= "c:\program files\FileConverter_1.3F4\prxtbFile.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{65cee10f-b443-447b-bc49-588d94ec564a}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{65cee10f-b443-447b-bc49-588d94ec564a}]
2012-11-06 12:01 183112 ----a-w- c:\program files\FileConverter_1.3F4\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{65cee10f-b443-447b-bc49-588d94ec564a}"= "c:\program files\FileConverter_1.3F4\prxtbFile.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{65cee10f-b443-447b-bc49-588d94ec564a}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{65CEE10F-B443-447B-BC49-588D94EC564A}"= "c:\program files\FileConverter_1.3F4\prxtbFile.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{65cee10f-b443-447b-bc49-588d94ec564a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-18 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-18 153624]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-11-30 4685824]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 77017073
*Deregistered* - 77017073
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 18:30 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 12:22]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 17:58]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 17:58]
.
2013-05-30 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-05-30 10:01]
.
2013-05-30 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-05-30 10:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10200577301906479&ctid=CT3284351
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-04 00:35
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-04 00:36:27
ComboFix-quarantined-files.txt 2013-06-03 22:36
.
Vor Suchlauf: 11 Verzeichnis(se), 20.716.888.064 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 20.674.584.576 Bytes frei
.
- - End Of File - - E55D8EB25A7E65C054BFDD6A81B81461 |